summary refs log tree commit diff
path: root/pkgs/os-specific
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/os-specific')
-rw-r--r--pkgs/os-specific/linux/kernel/linux-5.10.nix4
-rw-r--r--pkgs/os-specific/linux/kernel/linux-5.4.nix4
-rw-r--r--pkgs/os-specific/linux/kernel/linux-5.9.nix4
-rw-r--r--pkgs/os-specific/linux/kernel/linux-rt-5.10.nix4
-rw-r--r--pkgs/os-specific/linux/pam_ssh_agent_auth/default.nix68
-rw-r--r--pkgs/os-specific/linux/pam_ssh_agent_auth/multiple-key-files.patch12
6 files changed, 54 insertions, 42 deletions
diff --git a/pkgs/os-specific/linux/kernel/linux-5.10.nix b/pkgs/os-specific/linux/kernel/linux-5.10.nix
index db7ff9c912a..411a88d9293 100644
--- a/pkgs/os-specific/linux/kernel/linux-5.10.nix
+++ b/pkgs/os-specific/linux/kernel/linux-5.10.nix
@@ -3,7 +3,7 @@
 with stdenv.lib;
 
 buildLinux (args // rec {
-  version = "5.10.1";
+  version = "5.10.2";
 
   # modDirVersion needs to be x.y.z, will automatically add .0 if needed
   modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
-    sha256 = "0p2fl7kl4ckphq17xir7n7vgrzlhbdqmyd2yyp4yilwvih9625pd";
+    sha256 = "18l1ywp99inm90434fm74w8rjfl4yl974kfcpizg2sp2p8xf311v";
   };
 } // (args.argsOverride or {}))
diff --git a/pkgs/os-specific/linux/kernel/linux-5.4.nix b/pkgs/os-specific/linux/kernel/linux-5.4.nix
index cee3d136d6d..0d504ff334a 100644
--- a/pkgs/os-specific/linux/kernel/linux-5.4.nix
+++ b/pkgs/os-specific/linux/kernel/linux-5.4.nix
@@ -3,7 +3,7 @@
 with stdenv.lib;
 
 buildLinux (args // rec {
-  version = "5.4.84";
+  version = "5.4.85";
 
   # modDirVersion needs to be x.y.z, will automatically add .0 if needed
   modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
-    sha256 = "058mhczv6whjwxn7jjh1c6n5zrqjdnvbl2mp7jkfrg6frpvgr189";
+    sha256 = "0220k327aa7gg48fqw171mcng8h717c4a1v14r3q36ksirnmiqqx";
   };
 } // (args.argsOverride or {}))
diff --git a/pkgs/os-specific/linux/kernel/linux-5.9.nix b/pkgs/os-specific/linux/kernel/linux-5.9.nix
index 9e740c0c2a6..39cc9c56c5f 100644
--- a/pkgs/os-specific/linux/kernel/linux-5.9.nix
+++ b/pkgs/os-specific/linux/kernel/linux-5.9.nix
@@ -3,7 +3,7 @@
 with stdenv.lib;
 
 buildLinux (args // rec {
-  version = "5.9.15";
+  version = "5.9.16";
 
   # modDirVersion needs to be x.y.z, will automatically add .0 if needed
   modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
-    sha256 = "1vhaayqjv1ha3nsxy9zbsz497ba4d4a1g0gfhgxcvci8dp8djh2p";
+    sha256 = "11mbnjvb5d5gwbrwlkqvzpg1ij4m19l5wr3wca9iiyg5i2papmxh";
   };
 } // (args.argsOverride or {}))
diff --git a/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix b/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix
index dfb4cb9cc86..07a74c10771 100644
--- a/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix
+++ b/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix
@@ -6,7 +6,7 @@
 , ... } @ args:
 
 let
-  version = "5.10.1-rt19"; # updated by ./update-rt.sh
+  version = "5.10.1-rt20"; # updated by ./update-rt.sh
   branch = lib.versions.majorMinor version;
   kversion = builtins.elemAt (lib.splitString "-" version) 0;
 in buildLinux (args // {
@@ -25,7 +25,7 @@ in buildLinux (args // {
     name = "rt";
     patch = fetchurl {
       url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz";
-      sha256 = "0hihi7p866alh03ziz8q1l0p3sxi437h4a45c5dlv9lrg6f177qb";
+      sha256 = "0z8ljfcn908hzjl11fkmwrx2r7j0hcgpx07g21ag162qrn6g5qby";
     };
   }; in [ rt-patch ] ++ lib.remove rt-patch kernelPatches;
 
diff --git a/pkgs/os-specific/linux/pam_ssh_agent_auth/default.nix b/pkgs/os-specific/linux/pam_ssh_agent_auth/default.nix
index 3ab1ae28a7b..b8cdda5a69a 100644
--- a/pkgs/os-specific/linux/pam_ssh_agent_auth/default.nix
+++ b/pkgs/os-specific/linux/pam_ssh_agent_auth/default.nix
@@ -1,46 +1,52 @@
-{ stdenv, fetchpatch, fetchurl, pam, openssl, perl }:
+{ stdenv, fetchpatch, fetchFromGitHub, pam, openssl, perl }:
 
 stdenv.mkDerivation rec {
-  name = "pam_ssh_agent_auth-0.10.3";
+  pname = "pam_ssh_agent_auth";
+  version = "0.10.4";
 
-  src = fetchurl {
-    url = "mirror://sourceforge/pamsshagentauth/${name}.tar.bz2";
-    sha256 = "0qx78x7nvqdscyp04hfijl4rgyf64xy03prr28hipvgasrcd6lrw";
+  src = fetchFromGitHub {
+    owner = "jbeverly";
+    repo = "pam_ssh_agent_auth";
+    rev = "pam_ssh_agent_auth-${version}";
+    sha256 = "YD1R8Cox0UoNiuWleKGzWSzxJ5lhDRCB2mZPp9OM6Cs=";
   };
 
-  patches =
-    [ # Allow multiple colon-separated authorized keys files to be
-      # specified in the file= option.
-      ./multiple-key-files.patch
-      (fetchpatch {
-        name = "openssl-1.1.1-1.patch";
-        url = "https://sources.debian.org/data/main/p/pam-ssh-agent-auth/0.10.3-3/debian/patches/openssl-1.1.1-1.patch";
-        sha256 = "1ndp5j4xfhzshhnl345gb4mkldx6vjfa7284xgng6ikhzpc6y7pf";
-      })
-      (fetchpatch {
-        name = "openssl-1.1.1-2.patch";
-        url = "https://sources.debian.org/data/main/p/pam-ssh-agent-auth/0.10.3-3/debian/patches/openssl-1.1.1-2.patch";
-        sha256 = "0ksrs4xr417by8klf7862n3dircvnw30an1akq4pnsd3ichscmww";
-      })
-    ];
+  ed25519-donna = fetchFromGitHub {
+    owner = "floodyberry";
+    repo = "ed25519-donna";
+    rev = "8757bd4cd209cb032853ece0ce413f122eef212c";
+    sha256 = "ETFpIaWQnlYG8ZuDG2dNjUJddlvibB4ukHquTFn3NZM=";
+  };
 
   buildInputs = [ pam openssl perl ];
 
-  # It's not clear to me why this is necessary, but without it, you see:
-  #
-  # checking OpenSSL header version... 1010104f (OpenSSL 1.1.1d  10 Sep 2019)
-  # checking OpenSSL library version... 1010104f (OpenSSL 1.1.1d  10 Sep 2019)
-  # checking whether OpenSSL's headers match the library... no
-  # configure: WARNING: Your OpenSSL headers do not match your
-  # library. Check config.log for details.
-  #
-  # ...despite the fact that clearly the values match
-  configureFlags = [ "--without-openssl-header-check" ];
+  patches = [
+    # Allow multiple colon-separated authorized keys files to be
+    # specified in the file= option.
+    ./multiple-key-files.patch
+  ];
+
+  configureFlags = [
+    # It's not clear to me why this is necessary, but without it, you see:
+    #
+    # checking OpenSSL header version... 1010108f (OpenSSL 1.1.1h  22 Sep 2020)
+    # checking OpenSSL library version... 1010108f (OpenSSL 1.1.1h  22 Sep 2020)
+    # checking whether OpenSSL's headers match the library... no
+    # configure: WARNING: Your OpenSSL headers do not match your
+    # library. Check config.log for details.
+    #
+    # ...despite the fact that clearly the values match
+    "--without-openssl-header-check"
+    # Make sure it can find ed25519-donna
+    "--with-cflags=-I$PWD"
+  ];
+
+  prePatch = "cp -r ${ed25519-donna}/. ed25519-donna/.";
 
   enableParallelBuilding = true;
 
   meta = {
-    homepage = "http://pamsshagentauth.sourceforge.net/";
+    homepage = "https://github.com/jbeverly/pam_ssh_agent_auth";
     description = "PAM module for authentication through the SSH agent";
     maintainers = [ stdenv.lib.maintainers.eelco ];
     platforms = stdenv.lib.platforms.linux;
diff --git a/pkgs/os-specific/linux/pam_ssh_agent_auth/multiple-key-files.patch b/pkgs/os-specific/linux/pam_ssh_agent_auth/multiple-key-files.patch
index 190325251c9..71d8e08ecd0 100644
--- a/pkgs/os-specific/linux/pam_ssh_agent_auth/multiple-key-files.patch
+++ b/pkgs/os-specific/linux/pam_ssh_agent_auth/multiple-key-files.patch
@@ -87,21 +87,27 @@ diff -u pam_ssh_agent_auth-0.10.3-orig/pam_ssh_agent_auth.c pam_ssh_agent_auth-0
  
      /*
       * PAM_USER and PAM_RUSER do not necessarily have to get set by the calling application, and we may be unable to divine the latter.
-@@ -187,16 +184,17 @@
+@@ -184,5 +181,5 @@
       */
  
      if(user && strlen(ruser) > 0) {
 -        pamsshagentauth_verbose("Attempting authentication: `%s' as `%s' using %s", ruser, user, authorized_keys_file);
 +        pamsshagentauth_verbose("Attempting authentication: `%s' as `%s' using %s", ruser, user, authorized_keys_file_input);
  
+@@ -201,3 +197,3 @@
+                 retval = PAM_SUCCESS;
+-                pamsshagentauth_logit("Authenticated (sshd): `%s' as `%s' using %s", ruser, user, authorized_keys_file);
++                pamsshagentauth_logit("Authenticated (sshd): `%s' as `%s' using %s", ruser, user, authorized_keys_file_input);
+ 
+@@ -211,11 +208,12 @@
          /*
           * this pw_uid is used to validate the SSH_AUTH_SOCK, and so must be the uid of the ruser invoking the program, not the target-user
           */
 -        if(pamsshagentauth_find_authorized_keys(user, ruser, servicename)) { /* getpwnam(ruser)->pw_uid)) { */
--            pamsshagentauth_logit("Authenticated: `%s' as `%s' using %s", ruser, user, authorized_keys_file);
+-            pamsshagentauth_logit("Authenticated (agent): `%s' as `%s' using %s", ruser, user, authorized_keys_file);
 +        const char *key_file;
 +        if((key_file = pamsshagentauth_find_authorized_keys(user, ruser, servicename))) { /* getpwnam(ruser)->pw_uid)) { */
-+            pamsshagentauth_logit("Authenticated: `%s' as `%s' using %s", ruser, user, key_file);
++            pamsshagentauth_logit("Authenticated (agent): `%s' as `%s' using %s", ruser, user, key_file);
              retval = PAM_SUCCESS;
          } else {
 -            pamsshagentauth_logit("Failed Authentication: `%s' as `%s' using %s", ruser, user, authorized_keys_file);
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-06-18 19:27:32 +0000